- Previous message: Victor Duchovni: "Re: Postfix -> EIMS AUTH failure"
- Maybe in reply to: Andreas Hasenack: "use results of one ldap query in a subsequent one"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
|
|
|
From: Andreas Hasenack (no email)
Date: Thu Aug 02 2007 - 17:23:23 EDT
On Thu, Aug 02, 2007 at 03:50:09PM -0400, Victor Duchovni wrote:
> On Thu, Aug 02, 2007 at 04:19:52PM -0300, Andreas Hasenack wrote:
> > cn=foo,ou=group,dc=example,dc=com
> > cn: foo
> > objectClass: posixGroup
> > memberUid: user1
> > memberUid: user2
> > memberUid: user3
> > ...
> >
> > uid=user1,ou=people,dc=example,dc=com
> > uid: user1
> > objectClass: inetOrgPerson
> > mail:
> > ...
> >
> > There is no DN pointing back to the user entry, nor is there something
> > in the user entry hinting to which groups the user is part of, so I
> > can't use special_result_attribute.
> >
> > With the above, is there a way I could have postfix, after getting the
> > member list, to a subsequent query on each user to fetch their mail
> > attribute? Or some other solution?
>
> The unix user names will get @$myorigin appended to them, these are then
> subject to further rewriting. It should just work.
Ok, that works if I use another expansion later, something like:
alias_maps = hash:/etc/postfix/aliases,ldap:/etc/postfix/group_expand.cf, ldap:/etc/postfix/ldap_alias.cf
group_expand.cf:
query_filter = (&(objectClass=posixGroup)(mail=%u@*))
result_attribute = memberUid
ldap_alias.cf:
query_filter = (&(objectClass=inetOrgPerson)(uid=%u))
result_attribute = mail
One problem with this now is that users with no mail attribute in their
entries will remain in the recipient list. For example, let's say from
the list above (user1, user2 and user3) only user2 had no mail
attribute. He would still be in the final recipient list as user2@$myorigin.
|
|
|